Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: [SOLVED] 5.0 GA OSS https redirect disable

  1. #1
    Jurykov is offline Junior Member
    Join Date
    Jan 2008
    Posts
    6
    Rep Power
    7

    Default [SOLVED] 5.0 GA OSS https redirect disable

    Hello,

    Just upgraded to 5.0 GA OSS and everything went very smoothly. Have been running it for about 48 hours with no problems at all. Thank you to everyone at Zimbra for making such a great piece of software.

    Now for my problem. I set zmtlsctl redirect, and everything worked as expected. All connections get redirected to https as they should. Some of my users are not very computer savvy (and geographically separated), and they are having trouble accepting the SSL certificate in IE.

    I would like to revert back to standard HTTP, but it doesn't seem to be working.

    zmtlsctl redirect:
    Redirects to https as expected

    zmtlsctl http:
    Attempting to connect to the standard http port, redirected to https and getting a unable to connect error

    zmtlsctl both:
    Login is redirected to https, and UI stays in https

    zmtlsctl mixed:
    Login is redirected to https, UI stays in https

    (zmcontrol stop and start between all of the above)

    I would like to just revert back to straight http for now. Anyone see what I'm missing?

    Thanks

  2. #2
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

  3. #3
    Jurykov is offline Junior Member
    Join Date
    Jan 2008
    Posts
    6
    Rep Power
    7

    Default

    When I have it set to redirect mode grepping auth shows the following:

    zimbra@mail:~$ zmprov gs mail.xxxx.com | grep Auth
    zimbraMtaAuthEnabled: TRUE
    zimbraMtaAuthHost: mail.xxxx.com
    zimbraMtaAuthTarget: TRUE
    zimbraMtaAuthURL: http://mail.xxxx.com/service/soap/
    zimbraMtaTlsAuthOnly: TRUE
    zimbra@mail:~$ zmprov gs mail.xxxx.com | grep Mode
    zimbraBackupMode: Standard
    zimbraMailMode: redirect

    After setting to http only mode it shows the same thing

    zimbra@mail:~$ zmprov gs mail.xxxx.com | grep Auth
    zimbraMtaAuthEnabled: TRUE
    zimbraMtaAuthHost: mail.xxxx.com
    zimbraMtaAuthTarget: TRUE
    zimbraMtaAuthURL: http://mail.xxxx.com/service/soap/
    zimbraMtaTlsAuthOnly: TRUE

    Do these look correct?

    Redirect mode works, http only does not. I'm perplexed that under redirect mode, with that URL set to regular http that it is working, shouldn't it be set to https in that mode?

    Trying to set the zimbraMtaAuthUrl to http://mail.xxxx.com:80/service/soap/ (like the example on the page you linked) gives me an error. Setting it to mail.xxxx.com makes no change.

    Thanks for pointing me to that page. I'm going to try to play with it a little tonight, now that most of my users have gone home.

    Any other ideas you might have would be appreciated.

  4. #4
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Did you restart jetty?
    zmmailboxdctl restart

  5. #5
    boblin is offline Senior Member
    Join Date
    Jun 2007
    Location
    Czech Republic, Prague
    Posts
    66
    Rep Power
    8

    Default same problem

    I found this strange behaviour. Maybe is the same problem:

    Code:
    zimbra@mail:~$ zmprov gs mail.domain.com zimbraMailMode
    # name mail.domain.com
    zimbraMailMode: mixed
    
    zimbra@mail:~$ zmtlsctl both
    Fri Jan 11 14:53:12 2008  Service archiving is not enabled.  Skipping archiving
    Fri Jan 11 14:53:12 2008  Service imapproxy is not enabled.  Skipping imapproxy
    Fri Jan 11 14:53:12 2008  Rewrote: /opt/zimbra/mailboxd/webapps/zimbra/WEB-INF/web.xml
    Fri Jan 11 14:53:12 2008  Rewrote: /opt/zimbra/mailboxd/etc/jetty.properties
    Fri Jan 11 14:53:12 2008  Rewrote: /opt/zimbra/conf/log4j.properties
    Fri Jan 11 14:53:12 2008  Rewrote: /opt/zimbra/mailboxd/webapps/service/WEB-INF/web.xml
    Fri Jan 11 14:53:12 2008  Rewrote: /opt/zimbra/mailboxd/etc/jetty.xml
    Fri Jan 11 14:53:12 2008  Rewrote: /opt/zimbra/mailboxd/webapps/zimbraAdmin/WEB-INF/web.xml
    zimbra@mail:~$ zmprov gs mail.domain.com zimbraMailMode
    # name mail.domain.com
    zimbraMailMode: both
    
    zimbra@mail:~$ zmcontrol stop;zmcontrol start
    Host mail.domain.com
            Stopping stats...Done
            Stopping mta...Done
            Stopping spell...Done
            Stopping snmp...Done
            Stopping archiving...Done
            Stopping antivirus...Done
            Stopping antispam...Done
            Stopping imapproxy...Done
            Stopping mailbox...Done
            Stopping logger...Done
            Stopping ldap...Done
    Host mail.domain.com
            Starting ldap...Done.
            Starting logger...Done.
            Starting mailbox...Done.
            Starting antispam...Done.
            Starting antivirus...Done.
            Starting snmp...Done.
            Starting spell...Done.
            Starting mta...Done.
            Starting stats...Done.
    zimbra@mail:~$ zmprov gs mail.domain.com zimbraMailMode
    # name mail.domain.com
    zimbraMailMode: mixed

  6. #6
    Rich Graves is offline Outstanding Member
    Join Date
    Jan 2007
    Location
    Minnesota
    Posts
    718
    Rep Power
    9

    Default

    zmtlsctl redirect doesn't redirect all URLs. For example, if you've already logged in, http://server.com/home/~/Calendar.html can be browsed as HTTP. This also means that cookies aren't tagged as restricted to https.

  7. #7
    Jurykov is offline Junior Member
    Join Date
    Jan 2008
    Posts
    6
    Rep Power
    7

    Default

    I've been away from an internet connection for a little over a week, and thought I'd give this a little bump. I still can't get my connection back to http only. When I set:

    zmtlsctl http

    My connection is still redirected to https and fails to load any page at all (in both IE7 and Firefox).

    Is there any other information I can post to give someone some idea of what is going on? I've tried every setting, used zmcontrol stop/start or restarted jetty and even resorted to a soft boot inbetween changes, but nothing seems to make a difference.

    Thanks to those who have chimed in so far, but nothing I've tried has made a change yet.

  8. #8
    trogers is offline Starter Member
    Join Date
    Mar 2008
    Posts
    2
    Rep Power
    7

    Default 5.0 https redirect disable

    I just wanted to mention that I am having precisely the same problem. I am using the Network version trial.

    I also configured for https 'redirect' mode immediately after my initial installation, but wanted to reconfigure to 'http' or 'mixed' mode to better support older web clients. Neither worked.

    My guess is that there is some Jetty configuration which is not being reset correctly. But that is only a guess.

    Has anyone found a solution to this bug?

  9. #9
    trogers is offline Starter Member
    Join Date
    Mar 2008
    Posts
    2
    Rep Power
    7

    Default SOLUTION: 5.0 https redirect disable

    According to Zimbra support, this is a known issue:

    Bug 24884 - zmtlsctl doesn't update zimbra.web.xml.in or zimbraAdmin.web.xml.in

    and they offer the following workaround:

    su - zimbra

    cp /opt/zimbra/jetty/etc/zimbra.web.xml.in /tmp/zimbra.web.xml.in

    edit /opt/zimbra/jetty/etc/zimbra.web.xml.in, and remove the "REDIRECT" section, it's close to the bottom of the file.

    zmtlsctl http

    zmcontrol stop

    zmcontrol start

    At this point, http mode should be working. If you wish to use the "both" mode, you can run:

    zmtlsctl both

    zmcontrol stop

    zmcontrol start

    Hope this helps!

  10. #10
    Jurykov is offline Junior Member
    Join Date
    Jan 2008
    Posts
    6
    Rep Power
    7

    Default

    Thank you very much. I had pretty much given up on this as we had gotten used to it. This fix worked perfectly. Hope this helps someone else as well.

    Thanks again,

    Jurykov

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Redirect http to https
    By rwjblue in forum Administrators
    Replies: 31
    Last Post: 10-13-2010, 12:44 AM
  2. [SOLVED] Upgraded to 5.0 OSS - Sendmail Problem
    By Chewie71 in forum Installation
    Replies: 11
    Last Post: 12-28-2007, 07:07 PM
  3. ZCS 5.0 FOSS is Released!!!
    By jholder in forum Announcements
    Replies: 1
    Last Post: 12-21-2007, 12:21 PM
  4. HTTP to redirect to HTTPS
    By djve in forum Installation
    Replies: 3
    Last Post: 05-30-2007, 06:28 AM
  5. Redirect to https!
    By celeron in forum Administrators
    Replies: 2
    Last Post: 03-10-2007, 12:03 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •